Changing Grant Type to Client Credentials from Authorisation Code for Microsoft Teams Graph Spoke

This guide details the steps to change the grant type from Authorization Code to Client Credentials in the Microsoft Teams Graph Spoke. The out-of-the-box spoke has 2 connection aliases:

- Microsoft Teams Spoke Connection & Credential Alias - All actions of the Application Management, Channel Management, Chat Management, Notification Management and Team Management categories, and the Look up Schedules action in the Calendar Management category, use the Microsoft Teams Spoke connection & credential alias and require delegated permissions.
- Microsoft Teams Graph Client Credentials Connection & Credential Alias - Calendar and Webhook management actions (except the Look up Schedules action in Calendar Management) use the Microsoft Teams Graph Client Credentials connection & credential alias and require application permissions.

If you need to use the Microsoft Teams Graph Spoke without user interaction, for example in automation and background processes, change the OAuth authentication to the Client Credentials grant type so that the ServiceNow application can access the Microsoft Teams Graph API without user involvement.

Understanding the Change:

- Authorization Code Grant Type: This process involves user interaction, where a user logs in with their Microsoft account to grant permissions.
- Client Credentials Grant Type: This process is server-to-server, where the application uses its own credentials (Client ID and Client Secret) to access the Microsoft Teams Graph API without user involvement.

Prerequisites:

- Access to your ServiceNow instance.
- Access to the Azure portal where the application is registered to grant the necessary API permissions.

Permissions:

Ensure your application has the necessary permissions to access the Microsoft Teams Graph data you require. You can manage permissions in the Azure app registration portal under API Permissions.
Please refer to the Permissions table at the end of this article to understand the application and delegated API permissions required for each operation. Note down the Client ID, Client Secret and Tenant ID from the Azure application registry.

Procedure:

I. Create Application Registry record

Steps:

1. Navigate to All > System OAuth > Application Registry.
2. Open the record for the Microsoft Teams Graph or create a new record.
3. On the form, fill in the fields.

| Field | Value |
| --- | --- |
| Name | Name to uniquely identify the record. For example, enter MS Teams Client Credentials OAuth. |
| Client ID | Client ID of the application created in Azure portal. |
| Client Secret | Client Secret created during the application creation in Azure portal. |
| Default Grant Type | Select Client Credentials grant type. |
| Accessible from | Application scope that this registry is accessible from. Select All application scopes. |
| Active | Option to actively use the application registry. Select the option. |
| Token URL | OAuth server token endpoint. Enter https://login.microsoftonline.com/<Directory-ID>/oauth2/v2.0/token Replace the <Directory-ID> with the Tenant ID of the application in Azure portal. |
| Redirect URL | OAuth callback endpoint. For example, https://<ServiceNow-Instance>.com/oauth_redirect.do |

4. In the OAuth Entity Scopes tab, insert a row and provide these values.

| Field | Value |
| --- | --- |
| Name | Name to identify the record. For example, enter Default. |
| OAuth scope | Enter https://graph.microsoft.com/.default |

5. Right-click the form header, and click Save.
6. In the OAuth Entity Profile tab, click the default profile, MS Teams Client Credentials OAuth default_profile.
7. Verify that the Default entity scope created in Step 4 appears under the OAuth Entity Scope related list. If it is not added automatically, insert a record in the OAuth Entity Scope related list, select the Default entity scope created in Step 4 for the Microsoft Teams Graph spoke, and click Update.

II. Create Credential record

Steps:

1. Navigate to All > Connections & Credentials > Credentials.
2. Click New. The system displays the message "What type of Credentials would you like to create?".
3. Select OAuth 2.0 Credentials.
4. On the form, fill in the fields.

| Field | Value |
| --- | --- |
| Name | Name to uniquely identify the record. For example, MS Teams Client Cred. |
| Active | Option to actively use the credential record. Select the option. |
| OAuth Entity Profile | OAuth entity profile created in the above step. For example, select MS Teams Client Credentials OAuth default_profile. |
| Order | Order that the credentials are used. For example, enter 100. |

5. Right-click the form header and click Save.
6. Click the Get OAuth Token related link to generate the OAuth token.

Result: The OAuth token of Client Credentials grant type is retrieved with the Application Type permissions granted to the application on Azure Portal.

III. Create Connection record

Steps:

1. Navigate to All > Connections & Credentials > Connection & Credential Aliases.
2. Open the record Microsoft Teams Spoke.
3. From the Connections tab, click New. If a connection associated with the alias already exists, set it as inactive.
4. On the form, in the HTTP(s) Connection section, fill these values.

| Field | Value |
| --- | --- |
| Name | Name to uniquely identify the connection record. For example, enter MS Teams Client Creds Conn. |
| Credential | Credential record you created earlier. For example, select MS Teams Client Cred. |
| Connection alias | Alias record associated with this connection. |
| URL builder | Note: Do not select the check box. |
| Connection URL | URL of the Microsoft Graph APIs. Enter https://graph.microsoft.com |
| Use MID server | This field isn't applicable. |
| Active | Option to actively use the connection. Select the option. |
| Domain | Domain that the action or activity runs in. |

5. In the Attributes tab, fill these values.

| Attribute | Description |
| --- | --- |
| api_version | Microsoft Graph API version |

6. Click Submit.

Result: The spoke connections are configured and the spoke is ready to be used.

Test the changes:

Test your Microsoft Teams Graph Spoke actions to ensure successful authentication and data retrieval using the Client Credentials flow. Refer to the Microsoft Graph documentation for specific API calls and usage guidelines.

API Permissions Table:

Permissions required are listed from least to most privileged.

| Category | Action | Description | Delegated (work or school account) | Delegated (personal Microsoft account) | Application |
| --- | --- | --- | --- | --- | --- |
| Application Management | Install Application to User | Installs the specified application in the personal scope of the user. | TeamsAppInstallation.ReadWriteSelfForUser, TeamsAppInstallation.ReadWriteForUser | Not supported. | TeamsAppInstallation.ReadWriteSelfForUser.All, TeamsAppInstallation.ReadWriteForUser.All |
| Application Management | Look up User App Installation | Retrieves the details of the specified application's installation for the user. | TeamsAppInstallation.ReadForUser, TeamsAppInstallation.ReadWriteSelfForUser, TeamsAppInstallation.ReadWriteForUser | Not supported. | TeamsAppInstallation.ReadForUser.All, TeamsAppInstallation.ReadWriteSelfForUser.All, TeamsAppInstallation.ReadWriteForUser.All |
| Calendar Management | Create Meeting | Creates an online meeting event in the MS Teams calendar. | Calendars.ReadWrite | Calendars.ReadWrite | Calendars.ReadWrite |
| Calendar Management | Delete Meeting | Deletes meeting event from the MS Teams calendar. | Calendars.ReadWrite | Calendars.ReadWrite | Calendars.ReadWrite |
| Calendar Management | Look up Meeting | Retrieves meeting event details from the MS Teams calendar. | Calendars.Read | Calendars.Read | Calendars.Read |
| Calendar Management | Look up Meeting Occurrences | Retrieves recurrence child meeting ID from the MS Teams calendar. | Calendars.Read | Calendars.Read | Calendars.Read |
| Calendar Management | Look up Meetings Stream | Retrieves meeting events details from the MS Teams calendar. | Calendars.Read, Calendars.ReadWrite | Calendars.Read, Calendars.ReadWrite | Calendars.Read, Calendars.ReadWrite |
| Calendar Management | Look up Schedules | Retrieves the availability information (free or busy) for a collection of users, distribution lists, or resources (rooms or equipment) for the specified time period. | Calendars.Read, Calendars.ReadWrite | Not supported. | Calendars.Read, Calendars.ReadWrite |
| Calendar Management | Update Meeting | Creates an online meeting event in the MS Teams calendar. | Calendars.ReadWrite | Calendars.ReadWrite | Calendars.ReadWrite |
| Channel Management | Add Member to Channel | Adds the specified member to the specified channel. | ChannelMember.ReadWrite.All | Not supported. | ChannelMember.ReadWrite.All |
| Channel Management | Create Channel | Create a new channel in a team. | Channel.Create, Group.ReadWrite.All**, Directory.ReadWrite.All** | Not supported. | Channel.Create.Group*, Channel.Create, Teamwork.Migrate.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
| Channel Management | Delete Channel | Removes the specified channel from the required team and deletes all conversations. | Channel.Delete.All, Group.ReadWrite.All**, Directory.ReadWrite.All** | Not supported. | Channel.Delete.Group*, Channel.Delete.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
| Channel Management | Look up Channel | Retrieves the properties and relationships of a channel. | Channel.ReadBasic.All, ChannelSettings.Read.All, ChannelSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** | Not supported. | ChannelSettings.Read.Group*, ChannelSettings.ReadWrite.Group*, Channel.ReadBasic.All, ChannelSettings.Read.All, ChannelSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
| Channel Management | Look up Channel by Name | Retrieves the Channel ID and properties given a channel name and team ID. | Channel.ReadBasic.All, ChannelSettings.Read.All, ChannelSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** | Not supported. | ChannelSettings.Read.Group*, ChannelSettings.ReadWrite.Group*, Channel.ReadBasic.All, ChannelSettings.Read.All, ChannelSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
| Channel Management | Look up Channel Members | Retrieves a list of channel members. | ChannelMember.Read.All, ChannelMember.ReadWrite.All | Not supported. | ChannelMember.Read.All, ChannelMember.ReadWrite.All |
| Channel Management | Look up Channel Messages | Retrieves the list of messages in a channel of a team. | ChannelMessage.Read.All | Not supported. | ChannelMessage.Read.Group*, ChannelMessage.Read.All |
| Channel Management | Look up Channels | Retrieves the list of channels in this team. | Channel.ReadBasic.All, ChannelSettings.Read.All, ChannelSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** | Not supported. | ChannelSettings.Read.Group*, ChannelSettings.ReadWrite.Group*, Channel.ReadBasic.All, ChannelSettings.Read.All, ChannelSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
| Channel Management | Remove Member from Channel | Removes the specified user from the specified channel. | ChannelMember.ReadWrite.All | Not supported. | ChannelMember.ReadWrite.All |
| Chat Management | Create Chat | Creates a chat between the users. | Chat.Create, Chat.ReadWrite | Not supported. | Chat.Create |
| Chat Management | Look up Chat Message Deltas Stream | Retrieves the list of messages (without the replies) from a team's channel. | Mail.ReadBasic, Mail.Read, Mail.ReadWrite | Mail.ReadBasic, Mail.Read, Mail.ReadWrite | Mail.ReadBasic.All, Mail.Read, Mail.ReadWrite |
| Chat Management | Look up Chat Messages | Retrieves the list of messages in a chat. | Chat.Read, Chat.ReadWrite | Not supported. | Chat.Read.All, Chat.ReadWrite.All |
| Chat Management | Look up Chats | Retrieves the list of chats that the user is a part of. | Chat.ReadBasic, Chat.Read, Chat.ReadWrite | Not supported. | Chat.ReadBasic.All*, Chat.Read.All*, Chat.ReadWrite.All* |
| Chat Management | Look up Message | Retrieves the details of the specified message. | Chat.Read, Chat.ReadWrite | Not supported. | Chat.Read.All, Chat.ReadWrite.All |
| Chat Management | Look up Message Replies Stream | Retrieves the list of replies for the specified message from a team's channel. | ChannelMessage.Read.All | Not supported. | ChannelMessage.Read.Group*, ChannelMessage.Read.All |
| Chat Management | Post Message to Chat | Posts message to a Microsoft Teams chat. | ChatMessage.Send, Chat.ReadWrite | Not supported. | Not supported. |
| Notification Management | Post ChangeDetails | Posts details of the required change to a Microsoft Teams channel. | ChannelMessage.Send, Group.ReadWrite.All** | Not supported. | Not supported. |
| Notification Management | Post Incident Details | Posts details of the required incident to a Microsoft Teams channel. | ChannelMessage.Send, Group.ReadWrite.All** | Not supported. | Not supported. |
| Notification Management | Post Message | Posts message to a Microsoft Teams channel. | ChannelMessage.Send, Group.ReadWrite.All** | Not supported. | Not supported. |
| Notification Management | Post Problem Details | Posts details of the required problem to a Microsoft Teams channel. | ChannelMessage.Send, Group.ReadWrite.All** | Not supported. | Not supported. |
| Notification Management | Post Reply to Message | Posts a reply to the specified message. | ChannelMessage.Send, Group.ReadWrite.All** | Not supported. | Not supported. |
| Team Management | Add Member to Team | Adds the specified user to the specified team. | TeamMember.ReadWrite.All | Not supported. | TeamMember.ReadWrite.All |
| Team Management | Archive Team | When a team is archived, users can no longer send or like messages on any channel in team or make Team setting updates. | TeamSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** | Not supported. | TeamSettings.ReadWrite.Group*, TeamSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
| Team Management | Create Team | Create a team from an existing Office 365 group. Note: The team ID is the same as the group ID. | Group.ReadWrite.All, Directory.ReadWrite.All | Not supported. | Group.ReadWrite.All, Directory.ReadWrite.All |
| Team Management | Delete Team | Deletes the specified team. | Group.ReadWrite.All | Not supported. | Group.ReadWrite.All |
| Team Management | Look up Team | Retrieves the properties and relationships of a team. | Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** | Not supported. | TeamSettings.Read.Group*, TeamSettings.ReadWrite.Group*, Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
| Team Management | Look up Team Members Stream | Retrieves list of team members. | TeamMember.Read.All, TeamMember.ReadWrite.All | Not supported. | TeamMember.Read.Group*, TeamMember.Read.All, TeamMember.ReadWrite.All |
| Team Management | Look up Teams by User | Lists teams of the user containing IDs and their display names. | Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, User.Read.All, User.ReadWrite.All, Directory.Read.All**, Directory.ReadWrite.All** | Not supported. | Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, User.Read.All, User.ReadWrite.All, Directory.Read.All**, Directory.ReadWrite.All** |
| Team Management | Remove Member from Team | Removes the specified member from the specified team. | TeamMember.ReadWrite.All | Not supported. | TeamMember.ReadWrite.All |
| Team Management | Unarchive Team | Restores an archived team. Enables members to post to channels in the team, make comments, and like posts again. | TeamSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** | Not supported. | TeamSettings.ReadWrite.Group*, TeamSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
| Team Management | Update Team | Updates the properties of a specific team. | TeamSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** | Not supported. | TeamSettings.ReadWrite.Group*, TeamSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
| Webhook Management | Look up Webhook Subscription | Retrieves details of the required webhook subscription. | ChannelMessage.Read.All | Not supported. | ChannelMessage.Read.All, Chat.Read.All |
| Webhook Management | Look up Webhook Subscriptions Stream | Retrieves details of all webhook subscriptions. | ChannelMessage.Read.All | Not supported. | ChannelMessage.Read.All, Chat.Read.All |
| Webhook Management | Renew Webhook Subscription | Renews the specified webhook subscription. | ChannelMessage.Read.All | Not supported. | ChannelMessage.Read.All, Chat.Read.All |
| Webhook Management | Subscribe Webhook | Creates a webhook subscription for the specified resource. | ChannelMessage.Read.All | Not supported. | ChannelMessage.Read.All, Chat.Read.All |
| Webhook Management | Unsubscribe Webhook | Deletes the specified webhook subscription. | ChannelMessage.Read.All | Not supported. | ChannelMessage.Read.All, Chat.Read.All |
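
Added example (not part of the original article or of the spoke's code): a Python check for the "Test the changes" step that decodes a client credentials access token and compares its application permissions with the Application column of the table above, reporting what is missing, what the table marks as not supported, and what is granted beyond need. It assumes that the token is a JWT whose application permissions appear in the `roles` claim (delegated tokens carry `scp` instead) and that any one permission listed for an action is sufficient; the function names are hypothetical and the sample token is constructed.

```python
import base64
import json

# Application permissions for a few actions, copied from the table above
# (least to most privileged). Empty tuple: the table says "Not supported".
APP_PERMS = {
    "Create Meeting": ("Calendars.ReadWrite",),
    "Look up Meetings Stream": ("Calendars.Read", "Calendars.ReadWrite"),
    "Look up Chat Messages": ("Chat.Read.All", "Chat.ReadWrite.All"),
    "Add Member to Team": ("TeamMember.ReadWrite.All",),
    "Post Message": (),
}

def claims_of(token):
    """Decode the JWT payload for inspection only; no signature check."""
    part = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def is_app_only(token):
    """App-only tokens carry 'roles'; delegated tokens carry 'scp'."""
    claims = claims_of(token)
    return "roles" in claims and "scp" not in claims

def check_actions(token, actions):
    """Per action: 'ok', the least-privileged permission to grant, or unsupported."""
    roles = set(claims_of(token).get("roles", []))
    report = {}
    for action in actions:
        accepted = APP_PERMS[action]
        if not accepted:
            report[action] = "not supported with application permissions"
        elif roles.intersection(accepted):
            report[action] = "ok"
        else:
            report[action] = "grant " + accepted[0]
    return report

def excess_roles(token, actions):
    """Granted roles that none of the listed actions accept."""
    accepted = {perm for action in actions for perm in APP_PERMS[action]}
    return sorted(set(claims_of(token).get("roles", [])) - accepted)

def constructed_token(claims):
    """Unsigned sample token built for this example; not a real token."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return "e30." + body.rstrip("=") + ".constructed"  # "e30" is "{}" encoded

# Constructed sample: the roles an over-broad app registration might yield.
SAMPLE_TOKEN = constructed_token({"aud": "https://graph.microsoft.com", "roles": [
    "Calendars.ReadWrite", "Chat.Read.All", "Directory.ReadWrite.All"]})

if __name__ == "__main__":
    wanted = list(APP_PERMS)
    print("app-only token:", is_app_only(SAMPLE_TOKEN))
    for action, status in check_actions(SAMPLE_TOKEN, wanted).items():
        print(f"{action}: {status}")
    print("granted but not needed:", excess_roles(SAMPLE_TOKEN, wanted))
```

Because the entity scope is https://graph.microsoft.com/.default, the token carries every application permission granted to the app registration, so anything reported as granted but not needed is a candidate for removal in the Azure portal.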